lib/asn1/check-common.c

   1 /*
   2  * Copyright (c) 1999 - 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  *
  19  * 3. Neither the name of the Institute nor the names of its contributors
  20  *    may be used to endorse or promote products derived from this software
  21  *    without specific prior written permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33  * SUCH DAMAGE.
  34  */
  35
  36 #ifdef HAVE_CONFIG_H
  37 #include <config.h>
  38 #endif
  39 #ifdef HAVE_SYS_MMAN_H
  40 #include <sys/mman.h>
  41 #endif
  42 #include <stdio.h>
  43 #include <string.h>
  44 #include <err.h>
  45 #include <roken.h>
  46
  47 #include "check-common.h"
  48
  49 RCSID("$Id$");
  50
  51 struct map_page {
  52     void *start;
  53     size_t size;
  54     void *data_start;
  55     size_t data_size;
  56     enum map_type type;
  57 };
  58
  59 /* #undef HAVE_MMAP */
  60
  61 void *
  62 map_alloc(enum map_type type, const void *buf,
  63           size_t size, struct map_page **map)
  64 {
  65 #ifndef HAVE_MMAP
  66     unsigned char *p;
  67     size_t len = size + sizeof(long) * 2;
  68     int i;
  69
  70     *map = ecalloc(1, sizeof(**map));
  71
  72     p = emalloc(len);
  73     (*map)->type = type;
  74     (*map)->start = p;
  75     (*map)->size = len;
  76     (*map)->data_start = p + sizeof(long);
  77     for (i = sizeof(long); i > 0; i--)
  78         p[sizeof(long) - i] = 0xff - i;
  79     for (i = sizeof(long); i > 0; i--)
  80         p[len - i] = 0xff - i;
  81 #else
  82     unsigned char *p;
  83     int flags, ret, fd;
  84     size_t pagesize = getpagesize();
  85
  86     *map = ecalloc(1, sizeof(**map));
  87
  88     (*map)->type = type;
  89
  90 #ifdef MAP_ANON
  91     flags = MAP_ANON;
  92     fd = -1;
  93 #else
  94     flags = 0;
  95     fd = open ("/dev/zero", O_RDONLY);
  96     if(fd < 0)
  97         err (1, "open /dev/zero");
  98 #endif
  99     flags |= MAP_PRIVATE;
 100
 101     (*map)->size = size + pagesize - (size % pagesize) + pagesize * 2;
 102
 103     p = (unsigned char *)mmap(0, (*map)->size, PROT_READ | PROT_WRITE,
 104                               flags, fd, 0);
 105     if (p == (unsigned char *)MAP_FAILED)
 106         err (1, "mmap");
 107
 108     (*map)->start = p;
 109
 110     ret = mprotect (p, pagesize, 0);
 111     if (ret < 0)
 112         err (1, "mprotect");
 113
 114     ret = mprotect (p + (*map)->size - pagesize, pagesize, 0);
 115     if (ret < 0)
 116         err (1, "mprotect");
 117
 118     switch (type) {
 119     case OVERRUN:
 120         (*map)->data_start = p + (*map)->size - pagesize - size;
 121         break;
 122     case UNDERRUN:
 123         (*map)->data_start = p + pagesize;
 124         break;
 125    default:
 126         abort();
 127     }
 128 #endif
 129     (*map)->data_size = size;
 130     if (buf)
 131         memcpy((*map)->data_start, buf, size);
 132     return (*map)->data_start;
 133 }
 134
 135 void
 136 map_free(struct map_page *map, const char *test_name, const char *map_name)
 137 {
 138 #ifndef HAVE_MMAP
 139     unsigned char *p = map->start;
 140     int i;
 141
 142     for (i = sizeof(long); i > 0; i--)
 143         if (p[sizeof(long) - i] != 0xff - i)
 144             errx(1, "%s: %s underrun %d\n", test_name, map_name, i);
 145     for (i = sizeof(long); i > 0; i--)
 146         if (p[map->size - i] != 0xff - i)
 147             errx(1, "%s: %s overrun %lu\n", test_name, map_name,
 148                  (unsigned long)map->size - i);
 149     free(map->start);
 150 #else
 151     int ret;
 152
 153     ret = munmap (map->start, map->size);
 154     if (ret < 0)
 155         err (1, "munmap");
 156 #endif
 157     free(map);
 158 }
 159
 160 static void
 161 print_bytes (unsigned const char *buf, size_t len)
 162 {
 163     int i;
 164
 165     for (i = 0; i < len; ++i)
 166         printf ("%02x ", buf[i]);
 167 }
 168
 169 #ifndef MAP_FAILED
 170 #define MAP_FAILED (-1)
 171 #endif
 172
 173 static char *current_test = "<uninit>";
 174 static char *current_state = "<uninit>";
 175
 176 static RETSIGTYPE
 177 segv_handler(int sig)
 178 {
 179     int fd;
 180     char msg[] = "SIGSEGV i current test: ";
 181
 182     fd = open("/dev/stdout", O_WRONLY, 0600);
 183     if (fd >= 0) {
 184         write(fd, msg, sizeof(msg));
 185         write(fd, current_test, strlen(current_test));
 186         write(fd, " ", 1);
 187         write(fd, current_state, strlen(current_state));
 188         write(fd, "\n", 1);
 189         close(fd);
 190     }
 191     _exit(1);
 192 }
 193
 194 int
 195 generic_test (const struct test_case *tests,
 196               unsigned ntests,
 197               size_t data_size,
 198               int (*encode)(unsigned char *, size_t, void *, size_t *),
 199               int (*length)(void *),
 200               int (*decode)(unsigned char *, size_t, void *, size_t *),
 201               int (*free_data)(void *),
 202               int (*cmp)(void *a, void *b),
 203               int (*copy)(const void *from, void *to))
 204 {
 205     unsigned char *buf, *buf2;
 206     int i;
 207     int failures = 0;
 208     void *data;
 209     struct map_page *data_map, *buf_map, *buf2_map;
 210
 211     struct sigaction sa, osa;
 212
 213     for (i = 0; i < ntests; ++i) {
 214         int ret;
 215         size_t sz, consumed_sz, length_sz, buf_sz;
 216         void *to = NULL;
 217
 218         current_test = tests[i].name;
 219
 220         current_state = "init";
 221
 222         sigemptyset (&sa.sa_mask);
 223         sa.sa_flags = 0;
 224 #ifdef SA_RESETHAND
 225         sa.sa_flags |= SA_RESETHAND;
 226 #endif
 227         sa.sa_handler = segv_handler;
 228         sigaction (SIGSEGV, &sa, &osa);
 229
 230         data = map_alloc(OVERRUN, NULL, data_size, &data_map);
 231
 232         buf_sz = tests[i].byte_len;
 233         buf = map_alloc(UNDERRUN, NULL, buf_sz, &buf_map);
 234
 235         current_state = "encode";
 236         ret = (*encode) (buf + buf_sz - 1, buf_sz,
 237                          tests[i].val, &sz);
 238         if (ret != 0) {
 239             printf ("encoding of %s failed %d\n", tests[i].name, ret);
 240             ++failures;
 241             continue;
 242         }
 243         if (sz != tests[i].byte_len) {
 244             printf ("encoding of %s has wrong len (%lu != %lu)\n",
 245                     tests[i].name,
 246                     (unsigned long)sz, (unsigned long)tests[i].byte_len);
 247             ++failures;
 248             continue;
 249         }
 250
 251         current_state = "length";
 252         length_sz = (*length) (tests[i].val);
 253         if (sz != length_sz) {
 254             printf ("length for %s is bad (%lu != %lu)\n",
 255                     tests[i].name, (unsigned long)length_sz, (unsigned long)sz);
 256             ++failures;
 257             continue;
 258         }
 259
 260         current_state = "memcmp";
 261         if (memcmp (buf, tests[i].bytes, tests[i].byte_len) != 0) {
 262             printf ("encoding of %s has bad bytes:\n"
 263                     "correct: ", tests[i].name);
 264             print_bytes ((unsigned char *)tests[i].bytes, tests[i].byte_len);
 265             printf ("\nactual:  ");
 266             print_bytes (buf, sz);
 267             printf ("\n");
 268 #if 0
 269             rk_dumpdata("correct", tests[i].bytes, tests[i].byte_len);
 270             rk_dumpdata("actual", buf, sz);
 271             exit (1);
 272 #endif
 273             ++failures;
 274             continue;
 275         }
 276
 277         buf2 = map_alloc(OVERRUN, buf, sz, &buf2_map);
 278
 279         current_state = "decode";
 280         ret = (*decode) (buf2, sz, data, &consumed_sz);
 281         if (ret != 0) {
 282             printf ("decoding of %s failed %d\n", tests[i].name, ret);
 283             ++failures;
 284             continue;
 285         }
 286         if (sz != consumed_sz) {
 287             printf ("different length decoding %s (%ld != %ld)\n",
 288                     tests[i].name,
 289                     (unsigned long)sz, (unsigned long)consumed_sz);
 290             ++failures;
 291             continue;
 292         }
 293         current_state = "cmp";
 294         if ((*cmp)(data, tests[i].val) != 0) {
 295             printf ("%s: comparison failed\n", tests[i].name);
 296             ++failures;
 297             continue;
 298         }
 299
 300         current_state = "copy";
 301         if (copy) {
 302             to = emalloc(data_size);
 303             ret = (*copy)(data, to);
 304             if (ret != 0) {
 305                 printf ("copy of %s failed %d\n", tests[i].name, ret);
 306                 ++failures;
 307                 continue;
 308             }
 309
 310             current_state = "cmp-copy";
 311             if ((*cmp)(data, to) != 0) {
 312                 printf ("%s: copy comparison failed\n", tests[i].name);
 313                 ++failures;
 314                 continue;
 315             }
 316         }
 317
 318         current_state = "free";
 319         if (free_data) {
 320             (*free_data)(data);
 321             if (to) {
 322                 (*free_data)(to);
 323                 free(to);
 324             }
 325         }
 326
 327         current_state = "free";
 328         map_free(buf_map, tests[i].name, "encode");
 329         map_free(buf2_map, tests[i].name, "decode");
 330         map_free(data_map, tests[i].name, "data");
 331
 332         sigaction (SIGSEGV, &osa, NULL);
 333     }
 334     current_state = "done";
 335     return failures;
 336 }
 337
 338 /*
 339  * check for failures
 340  *
 341  * a test size (byte_len) of -1 means that the test tries to trigger a
 342  * integer overflow (and later a malloc of to little memory), just
 343  * allocate some memory and hope that is enough for that test.
 344  */
 345
 346 int
 347 generic_decode_fail (const struct test_case *tests,
 348                      unsigned ntests,
 349                      size_t data_size,
 350                      int (*decode)(unsigned char *, size_t, void *, size_t *))
 351 {
 352     unsigned char *buf;
 353     int i;
 354     int failures = 0;
 355     void *data;
 356     struct map_page *data_map, *buf_map;
 357
 358     struct sigaction sa, osa;
 359
 360     for (i = 0; i < ntests; ++i) {
 361         int ret;
 362         size_t sz;
 363         const void *bytes;
 364
 365         current_test = tests[i].name;
 366
 367         current_state = "init";
 368
 369         sigemptyset (&sa.sa_mask);
 370         sa.sa_flags = 0;
 371 #ifdef SA_RESETHAND
 372         sa.sa_flags |= SA_RESETHAND;
 373 #endif
 374         sa.sa_handler = segv_handler;
 375         sigaction (SIGSEGV, &sa, &osa);
 376
 377         data = map_alloc(OVERRUN, NULL, data_size, &data_map);
 378
 379         if (tests[i].byte_len < 0xffffff && tests[i].byte_len >= 0) {
 380             sz = tests[i].byte_len;
 381             bytes = tests[i].bytes;
 382         } else {
 383             sz = 4096;
 384             bytes = NULL;
 385         }
 386
 387         buf = map_alloc(OVERRUN, bytes, sz, &buf_map);
 388
 389         if (tests[i].byte_len == -1)
 390             memset(buf, 0, sz);
 391
 392         current_state = "decode";
 393         ret = (*decode) (buf, tests[i].byte_len, data, &sz);
 394         if (ret == 0) {
 395             printf ("sucessfully decoded %s\n", tests[i].name);
 396             ++failures;
 397             continue;
 398         }
 399
 400         current_state = "free";
 401         if (buf)
 402             map_free(buf_map, tests[i].name, "encode");
 403         map_free(data_map, tests[i].name, "data");
 404
 405         sigaction (SIGSEGV, &osa, NULL);
 406     }
 407     current_state = "done";
 408     return failures;
 409 }